Delivering Content over HTTPS Tutorial

Set up support for HTTPS content delivery through the following procedure:

  1. Choose a delivery platform.
  2. Perform one of the following steps:

  3. Configure the CDN to communicate with your web servers over HTTPS.

    Alternatively, content may be served from an Azure block blob container.

  4. Configure your firewall to allow our network to communicate with your web servers.
  5. Create an edge CNAME configuration for the hostname associated with the TLS certificate.
  6. Update a CNAME recordA Canonical Name (CNAME) record is used to indicate that a hostname is an alias of another hostname. A CNAME record must be registered on a Domain Name System (DNS). This term should not be confused with edge CNAME. within your DNS zone to switch traffic over to our service.

Choose a Delivery Platform

Accelerate HTTP traffic by serving it through one or more of the following platforms:

Based on the following questions, choose the first platform that fits your traffic profile.

  1. Do you plan on serving content that varies by user?

    This type of content is typically generated using a scripting language (e.g., PHP).

    If so, use ADNThe Application Delivery Network platform has been optimized to deliver dynamic content (e.g., login credentials, account information, etc.) over HTTP or HTTPS. Typically, user-specific and database-driven content are served over this platform..

  2. Does most of your content consist of static content? Static content are files stored on disk, such as HTML, CSS, JavaScript, high resolution images, multimedia, and software downloads.

    If so, use HTTP LargeThis platform has been optimized to cache and deliver static content (e.g., HTML, CSS, JavaScript, ISO, multimedia, and software downloads, etc.) over HTTP or HTTPS..

TLS Certificate

Support for HTTPS content delivery requires that a TLS certificate be installed on our network. TLS certificate setup varies according to whether your account has been upgraded to use our Certificate Provisioning System.

Legacy HTTPS: Request a TLS certificate from your CDN account manager.

Be prepared to provide the following information:

Wait until your CDN account manager informs you that a TLS certificate has been installed on our network before proceeding beyond this point.

Configure the CDN to Communicate with your Web Servers

Before the CDN may serve HTTPS traffic from your web servers, it must be informed where they are located via a platform-specific customer originRefers to a CDN configuration that identifies one or more web servers that will serve as the source from which content may be delivered via the CDN. configuration.

Your account is configured to support either customer origin groups or the legacy method for creating customer origin configurations.

Set up Firewall Access

The next step is to ensure that a firewall doesn't block the flow of traffic between your web servers and the CDN.

Configure your firewall to allow all of our IP blocks access to your server(s).

View our IP blocks by performing one of the following steps:

Create an Edge CNAME Configuration

HTTPS traffic may only be served via an edge CNAME URLThis type of URL takes advantage of an edge CNAME configuration and a CNAME record to provide a friendlier alternative to a CDN URL. An edge CNAME URL is specific to the platform from which it was configured.. Do not attempt to serve HTTPS traffic using the CDN URL generated for the customer origin created in this tutorial.

Create an edge CNAMERefers to the mapping of a CNAME record to a directory on a CDN or customer origin server. The purpose of this mapping, which is only used by our CDN, is to establish a user-friendly alias for content served through the CDN. It relies upon your CNAME record being mapped to a CDN hostname via a DNS service provider. configuration that will direct traffic to the customer origin created in this tutorial. This setup allows traffic to be shifted to the CDN by simply updating a CNAME recordA Canonical Name (CNAME) record is used to indicate that a hostname is an alias of another hostname. A CNAME record must be registered on a Domain Name System (DNS). This term should not be confused with edge CNAME. to point to a CDN hostnameRefers to a system-defined hostname that is specific to your customer account and a CDN service..

Navigate to Edge CNAME Settings

An edge CNAME configuration must be created on the same platform as the customer origin that was created earlier in this tutorial.

Navigate to the Edge CNAMEs page corresponding to the platform to which the desired customer origin was added. ClosedHow?From the main menu, navigate to [HTTP Large, HTTP Small, or ADN] | Edge CNAMEs.

Name an Edge CNAME

An edge CNAME configuration should be named after the hostname defined in the requested TLS certificate.

This name should be specified in lower-case letters and should not include a protocol (i.e., https://).

In the New Edge Cname option, type the hostname defined in the requested TLS certificate.

New Edge CNAME Option - Edge CNAME Configuration

Identify a Customer Origin

This step defines the customer origin from which requests to this edge CNAME will be served.

In the Points to option, verify that "Customer Origin" is selected.

In the Origin Directory option, select the recently created customer origin configuration.

Defining the Origin Server

Save Changes

Create an edge CNAME by saving your changes.

Click Add.

An edge CNAME that points to a customer origin configuration should appear at the top of the Edge CNAMEs page.

Wait an hour to allow your changes to be applied before proceeding beyond this point.

Update a CNAME Record via a DNS Service Provider

Switching traffic over to our CDN service requires updating a CNAME record to point to an edge CNAME .

Load your DNS service provider's portal.

Find the CNAME record corresponding to the edge CNAME created above (e.g., cdn1.mydomain.com).

Update the CNAME's value to resolve to the CDN hostname provided by your CDN account manager for the TLS certificate requested earlier in this tutorial.

Once this DNS change takes effect, traffic will shift to our CDN service.

More Information